Recently I attended the three-day Corelan Advanced Exploit Development class in Sydney, Australia. People had warned me beforehand that the training runs from 9am until 9pm, so I was aware that it would likely be a sleepless couple of days.
Overall, the course was well designed and had plenty of exercises along the way to make sure that every student understood all of the concepts taught.
I don’t see the lack of 64-bit coverage as an issue, as we learnt the concepts and should be able to easily apply the knowledge to 64-bit systems. Some heap-related techniques we used may not work out of the box in a full 64-bit environment; however, this does not mean it is not possible.
Below is an outline of the course modules and what was included.
A quick ASLR and DEP recap, very helpful to get your head back into the exploit game.
Introduction to the Heap and the Windows Heap Manager, and the heap in general. This was fairly large, due to the training being all about the Heap. Looked at the differences between the Windows 7 and Windows 10 heap managers.
All about heap spraying: what it is and why it is useful. The differences in heap spraying between Windows 7 and Windows 10 revisited + exercises.
WinDBG 101, very useful cheat sheet and an introduction to WinDBG's logging and conditional breakpoints. Night homework was based around this.
Much more around the Windows Heap Manager. Included a good number of further exercises, well planned to make sure you have learnt what was taught.
Starting the exploit dev stuff, raining shells + homework.
Intro to memory leaks and why they are needed. Actually learnt what people mean when they say “Memory leaks are created, not found.”
More exploit development took place throughout the day. Practical exercises using memory leaks to calculate offsets for exploits.
Going over the homework for the next 6 – 9 months.
At the end of the week, I can confidently say that the training was well worth the time and the energy to attend and complete every task. Would I recommend it? For sure. Peter was a great trainer who was ready to not only help you find the answers for yourself, but also helped ask the right questions.
The course can be found at the link below.